Use SMS as a tool to battle spyware

Find out how to use SMS and a modified host file to help keep systems safe from ads, banners, cookies and Web bugs.



Anyone who has surfed the Internet during this past year has knowingly, or unknowingly, picked up some kind of spyware along the way. In the corporate environment, this can become a never-ending battle, especially for traveling users. Most users and their systems are protected when on the corporate WAN by antivirus or other software. However, support personnel may spend hours cleaning a system only to have the system get hit again when the user is home or on the road.

Here's one solution that uses Systems Management Server (SMS) and a modified host file to help keep systems safe from ads, banners, cookies, Web bugs and even most hijackers.

Mike Burgess, a Microsoft MVP, created this host file and its function. The idea to use SMS as a tool to deliver and copy the updated host file on a regular basis was something I've pondered for quite a while. Using the bitsadmin.exe tool, data from MyITforum http://myitforum.techtarget.com/articles/19/view.asp?id=6381 and information from Mike's Web page http://www.mvps.org/winhelp2002/hosts.htm, I created an SMS installer to download the updated host file from Mike's site.

This utility does three things:
1. It takes a current host file and unprotects it so you can download the newest copy.
2. Bitsadmin.exe copies the current file down.
3. The host file gets protected (again) so it cannot be written to in the future, unless it's by this tool.

Using the SMS Installer, you can get a general idea from the screenshot below how the tool works:

By setting the attributes on the host file, you can protect it from future writes by malicious software. You need to copy all the files in the zip to a single folder and deploy them via a normal SMS advertisement.

There are a few caveats to this process. In the image above you can see that I have the times set at 8 seconds. If you reduce this to fewer seconds, the host file may not copy properly. It takes less than a minute to get this job done. If you find that the host file doesn't complete or disappears, tweak the times higher to suit your needs.
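The three steps listed earlier, with one check added before the replace, as an added Python example (not the SMS Installer script from the article's download): it refuses an empty or incomplete download and any entry that points a name at something other than a local address. The function names, the sample data and the set of accepted addresses are assumptions made for the example.

```python
import ipaddress
import os
import stat

# Assumption: a blocking hosts file maps names only to these local addresses.
SINKHOLES = {ipaddress.ip_address(a) for a in ("127.0.0.1", "0.0.0.0", "::1")}

def audit_hosts(text):
    """Return (entry_count, problems) for the text of a candidate hosts file."""
    entries, problems = 0, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, split columns
        if not fields:
            continue
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            problems.append((lineno, f"not an IP address: {fields[0]}"))
            continue
        if len(fields) < 2:
            problems.append((lineno, "address with no host name"))
        elif addr not in SINKHOLES:
            # Any other target redirects the name instead of blocking it.
            problems.append((lineno, f"{fields[1]} redirected to {addr}"))
        else:
            entries += len(fields) - 1
    return entries, problems

def install_hosts(candidate_path, hosts_path):
    """Validate the download, then unprotect, replace and re-protect."""
    with open(candidate_path, encoding="utf-8-sig", errors="replace") as fh:
        entries, problems = audit_hosts(fh.read())
    if problems or entries == 0:                   # empty or truncated download
        return False, problems                     # existing file is left alone
    if os.path.exists(hosts_path):
        os.chmod(hosts_path, stat.S_IREAD | stat.S_IWRITE)  # step 1: clear read-only
    os.replace(candidate_path, hosts_path)                  # step 2: new copy in place
    os.chmod(hosts_path, stat.S_IREAD)                      # step 3: read-only again
    return True, []

# Constructed sample: two block entries plus one redirect that must be rejected.
SAMPLE_BAD = """# constructed sample
127.0.0.1    localhost
0.0.0.0      ads.example.com
203.0.113.7  login.example.com
"""

if __name__ == "__main__":
    print(audit_hosts(SAMPLE_BAD))
```

Because the live file is only touched after the candidate passes, a failed or tampered download leaves the previous protected copy in place.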

Also, if you want to view the installer in action, make sure you turn off the folder option for viewing hidden files. Not doing that may make it look like the host file was either deleted or disappeared. Also, be aware of your corporate policy on the use of the host file. Some businesses either know how to use it as a tool or they have no idea, so consult the subject matter expert at your site.

Once again, thanks to Mike Burgess for allowing me to use his file and his security ideas located at: http://www.mvps.org/winhelp2002/hosts.htm

Download file:
http://myitforum.techtarget.com/inc/upload/10589mvphost.zip

 


Michael Mott is an SMS administrator for Pfizer Inc. He can be reached at Michael.mott@pfizer.com.

This article first appeared in myITforum.com, the online destination for IT professionals who manage their corporations' Microsoft Windows systems and is also part of the TechTarget network of industry specific IT web sites. The centerpiece of myITforum.com is a collection of member forums where IT professionals exchange technical tips, share their expertise and download utilities that help them better manage their Windows environments, specifically Microsoft Systems Management Server (SMS).

This was first published in April 2005
